forked from infra/ansible
workadventure: remove role (decommission barium.binary-kitchen.net)
This commit is contained in:
parent
a3dddac6d0
commit
7a82e453e9
@ -64,6 +64,5 @@ Currently the following hosts are installed:
|
|||||||
| argentum.binary-kitchen.net | Debian 12 | Event Web * |
|
| argentum.binary-kitchen.net | Debian 12 | Event Web * |
|
||||||
| cadmium.binary-kitchen.net | Debian 12 | Event NetBox * |
|
| cadmium.binary-kitchen.net | Debian 12 | Event NetBox * |
|
||||||
| indium.binary-kitchen.net | Debian 12 | Igel CAM * |
|
| indium.binary-kitchen.net | Debian 12 | Igel CAM * |
|
||||||
| barium.binary-kitchen.net | Debian 12 | Workadventure |
|
|
||||||
|
|
||||||
\*: The main application is not managed by ansible but manually installed
|
\*: The main application is not managed by ansible but manually installed
|
||||||
|
1
hosts
1
hosts
@ -40,4 +40,3 @@ palladium.binary-kitchen.net
|
|||||||
argentum.binary-kitchen.net
|
argentum.binary-kitchen.net
|
||||||
cadmium.binary-kitchen.net
|
cadmium.binary-kitchen.net
|
||||||
indium.binary-kitchen.net
|
indium.binary-kitchen.net
|
||||||
barium.binary-kitchen.net
|
|
||||||
|
@ -1,13 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Run acertmgr
|
|
||||||
command: /usr/bin/acertmgr
|
|
||||||
|
|
||||||
- name: Reload systemd
|
|
||||||
systemd: daemon_reload=yes
|
|
||||||
|
|
||||||
- name: Restart nginx
|
|
||||||
service: name=nginx state=restarted
|
|
||||||
|
|
||||||
- name: Restart workadventure
|
|
||||||
service: name=workadventure state=restarted
|
|
@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
dependencies:
|
|
||||||
- { role: acertmgr }
|
|
||||||
- { role: nginx, nginx_ssl: True }
|
|
@ -1,51 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
# TODO
|
|
||||||
# source code is not yet checked out from git
|
|
||||||
|
|
||||||
- name: Install docker-compose
|
|
||||||
apt: name=docker-compose
|
|
||||||
|
|
||||||
- name: Install git
|
|
||||||
apt: name=git
|
|
||||||
|
|
||||||
- name: Create workadventure group
|
|
||||||
group: name=workadventure
|
|
||||||
|
|
||||||
- name: Create workadventure user
|
|
||||||
user:
|
|
||||||
name: workadventure
|
|
||||||
home: /opt/workadventure
|
|
||||||
shell: /bin/zsh
|
|
||||||
group: workadventure
|
|
||||||
groups: docker
|
|
||||||
|
|
||||||
- name: Install systemd unit
|
|
||||||
template: src=workadventure.service.j2 dest=/lib/systemd/system/workadventure.service
|
|
||||||
notify:
|
|
||||||
- Reload systemd
|
|
||||||
- Restart workadventure
|
|
||||||
|
|
||||||
- name: Ensure certificates are available
|
|
||||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ workadventure_domain }}.key -out /etc/nginx/ssl/{{ workadventure_domain }}.crt -days 730 -subj "/CN={{ workadventure_domain }}" creates=/etc/nginx/ssl/{{ workadventure_domain }}.crt
|
|
||||||
notify: Restart nginx
|
|
||||||
|
|
||||||
- name: Configure certificate manager for workadventure
|
|
||||||
template: src=certs.j2 dest=/etc/acertmgr/{{ workadventure_domain }}.conf
|
|
||||||
notify: Run acertmgr
|
|
||||||
|
|
||||||
- name: Configure vhost
|
|
||||||
template: src=vhost.j2 dest=/etc/nginx/sites-available/workadventure
|
|
||||||
notify: Restart nginx
|
|
||||||
|
|
||||||
- name: Enable vhost
|
|
||||||
file: src=/etc/nginx/sites-available/workadventure dest=/etc/nginx/sites-enabled/workadventure state=link
|
|
||||||
notify: Restart nginx
|
|
||||||
|
|
||||||
- name: Enable workadventure
|
|
||||||
service: name=workadventure enabled=yes
|
|
||||||
|
|
||||||
- name: Enable monitoring
|
|
||||||
include_role: name=icinga-monitor tasks_from=http
|
|
||||||
vars:
|
|
||||||
vhost: "{{ workadventure_domain }}"
|
|
@ -1,15 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
{{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }}:
|
|
||||||
- path: /etc/nginx/ssl/{{ workadventure_domain }}.key
|
|
||||||
user: root
|
|
||||||
group: root
|
|
||||||
perm: '400'
|
|
||||||
format: key
|
|
||||||
action: '/usr/sbin/service nginx restart'
|
|
||||||
- path: /etc/nginx/ssl/{{ workadventure_domain }}.crt
|
|
||||||
user: root
|
|
||||||
group: root
|
|
||||||
perm: '400'
|
|
||||||
format: crt,ca
|
|
||||||
action: '/usr/sbin/service nginx restart'
|
|
@ -1,76 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
server_name {{ workadventure_domain }} play.{{ workadventure_domain }} pusher.{{ workadventure_domain }} uploader.{{ workadventure_domain }};
|
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
|
||||||
default_type "text/plain";
|
|
||||||
alias /var/www/acme-challenge;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
server_name {{ workadventure_domain }};
|
|
||||||
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
|
||||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root /opt/workadventure/source/landing/dist;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
server_name play.{{ workadventure_domain }};
|
|
||||||
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
|
||||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root /opt/workadventure/source/src/front/dist;
|
|
||||||
try_files $uri uri/ /index.html?$args;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
server_name pusher.{{ workadventure_domain }};
|
|
||||||
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
|
||||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://localhost:8002;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "Upgrade";
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
|
|
||||||
server_name uploader.{{ workadventure_domain }};
|
|
||||||
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/{{ workadventure_domain }}.key;
|
|
||||||
ssl_certificate /etc/nginx/ssl/{{ workadventure_domain }}.crt;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://localhost:8005;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,28 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=WorkAdventure service using docker compose
|
|
||||||
Requires=docker.service
|
|
||||||
After=docker.service
|
|
||||||
Before=nginx.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
|
|
||||||
User=workadventure
|
|
||||||
Group=workadventure
|
|
||||||
|
|
||||||
Restart=always
|
|
||||||
TimeoutStartSec=1200
|
|
||||||
|
|
||||||
WorkingDirectory=/opt/workadventure/source/
|
|
||||||
|
|
||||||
# Make sure no old containers are running
|
|
||||||
ExecStartPre=/usr/bin/docker-compose down -v
|
|
||||||
|
|
||||||
# Compose up
|
|
||||||
ExecStart=/usr/bin/docker-compose up
|
|
||||||
|
|
||||||
# Compose down, remove containers and volumes
|
|
||||||
ExecStop=/usr/bin/docker-compose down -v
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
7
site.yml
7
site.yml
@ -7,7 +7,7 @@
|
|||||||
- root_keys
|
- root_keys
|
||||||
|
|
||||||
- name: Setup unattended updates
|
- name: Setup unattended updates
|
||||||
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net, barium.binary-kitchen.net]
|
hosts: [sulis.binary.kitchen, nabia.binary.kitchen, epona.binary.kitchen, pizza.binary.kitchen, pancake.binary.kitchen, knoedel.binary.kitchen, bob.binary.kitchen, lasagne.binary.kitchen, tschunk.binary.kitchen, bowle.binary.kitchen, beryllium.binary-kitchen.net, boron.binary-kitchen.net, carbon.binary-kitchen.net, nitrogen.binary-kitchen.net, oxygen.binary-kitchen.net, fluorine.binary-kitchen.net, neon.binary-kitchen.net, sodium.binary-kitchen.net, magnesium.binary-kitchen.net, aluminium.binary-kitchen.net, krypton.binary-kitchen.net, yttrium.binary-kitchen.net, zirconium.binary-kitchen.net, molybdenum.binary-kitchen.net, ruthenium.binary-kitchen.net, rhodium.binary-kitchen.net, palladium.binary-kitchen.net, argentum.binary-kitchen.net, cadmium.binary-kitchen.net, indium.binary-kitchen.net]
|
||||||
roles:
|
roles:
|
||||||
- uau
|
- uau
|
||||||
|
|
||||||
@ -172,8 +172,3 @@
|
|||||||
hosts: argentum.binary-kitchen.net
|
hosts: argentum.binary-kitchen.net
|
||||||
roles:
|
roles:
|
||||||
- event_web
|
- event_web
|
||||||
|
|
||||||
- name: Setup WorkAdventure server
|
|
||||||
hosts: barium.binary-kitchen.net
|
|
||||||
roles:
|
|
||||||
- workadventure
|
|
||||||
|
Loading…
Reference in New Issue
Block a user